EU Technology

Brussels Sets Out To Fix the GDPR (politico.eu) 64

The European Union is (finally) coming to grips with the dysfunctionalities of its most famous tech law of all: the General Data Protection Regulation. From a report: The European Commission will propose a new law before the summer that's aimed at improving how EU countries' privacy regulators enforce the GDPR, a newly published page on its website showed. Adopted in 2016, the privacy rulebook was a watershed moment in global tech regulation, forcing companies to abide by new standards such as asking for consent to collect people's data online against threats of hefty fines of up to 4 percent of global annual turnover. The law effectively became European officials' poster child of powerful legislation coming out of Brussels. But five years after EU data protection authorities started their job, as GDPR entered into force, activists, experts and some national privacy watchdogs have become frustrated at what they see as an inefficient system to tackle major cases, especially from Big Tech companies.

Most notably, critics have lamented the powerful role that the Irish Data Protection Commission has under the so-called one-stop shop rule, which directs most major investigations to run through the Irish system because tech companies like Meta, Google, Apple and others have set up their European homes there. Under the GDPR, tech companies are overseen by the national regulator in the EU country where they are headquartered. Ireland and, to a lesser extent, Luxembourg, where Amazon's EU headquarters is based, have faced mounting criticism in recent years for lax enforcement, which they deny. The Irish data authority in recent months imposed some major multimillion-euro fines to sanction GDPR infringements from Meta, the parent company of Instagram and Facebook. Now, a new EU regulation that is expected in the second quarter of 2023 wants to set clear procedural rules for national data protection authorities dealing with cross-border investigations and infringements. The law "will harmonize some aspects of the administrative procedure" in cross-border cases and "support a smooth functioning of the GDPR cooperation and dispute resolution mechanisms," the Commission wrote.

  • by Anonymous Coward

    ... is older than the GDPR, it's Steelie Neelie's legacy.

  • by friedmud ( 512466 ) on Tuesday February 21, 2023 @01:10PM (#63311863)

    can we please get rid of the damn cookie popups? Or have a global way to accept them? I seriously don't give a damn, and they are just a nuisance. I wish there was a flag I could set in my browser that just accepts all of them... so I can get back to using the web.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      can we please get rid of the damn cookie popups?

      Then contact the web masters: those web sites do not have to use cookie popups, it is just their strategy to annoy you and make you hate the GDPR.

      • A browser setting indicating you only want essential cookies would be nice.
        • Unless you log in to a site, there's no need for cookies.
          • by pacinpm ( 631330 )

            Not really. I may set some preferences (dark theme) for a website even without creating an account there. Cookies are also necessary for keeping permanent items in a shopping cart between browser sessions etc.

            • Well, then they can ask for permission to store such cookies ONLY when a user needs them, e.g. a "Save settings/items" option. The truth is, the vast majority of cookies have little or nothing to do with the website itself & are often from 3rd party surveillance services. Web browsers need some serious statutory constraints on them on what they're allowed to store & send to websites, similar to the way data protection laws prevent govt. agencies, utilities, etc., from sharing info about you with eac
    • by Merk42 ( 1906718 )
      It's UAC prompts all over again.
    • YES. Who doesn't want cookies can just not accept or save them or can save them just until the browser is closed or whatever. I trust more my browser than some never-ending blurb you would never be able to enforce (most likely against some site from a different continent), fuzzy regulations and so on.

    • Likewise. I've been managing my own cookies in my own browsers on my own computers not just since before GDPR, but since long before its "safe harbor" predecessor. I don't need or want some unaccountable pinhead bureaucrat on some other continent making those decisions for me. And I definitely don't need or want that bureaucrat's annoying-AF popups either.

    • But that only covers ONE popup. What about the autoplay video, subscribe, give us your email, etc., popups? Remember all the popups BEFORE the GDPR? Remember when Apple & Google killed Flash & everybody said, "Great! No more noisy, flashy, distracty, ads."? Yeah, didn't happen. This isn't a legal problem. This is just advertisers being advertisers.
      • No one cares about advertisers. That's a solved problem. The only popup I ever see is the cookie popup. Everything else is under control, managed or otherwise blocked by the browser.

        The exception being mobile. The stupid popups that appear after you scroll a few pages on mobile are f-ing stupid.

        • by pacinpm ( 631330 )

          Try AdGuard. It's not a perfect solution but so far the best one I have found to block ads on mobile websites.

    • Try the browser add on "I don't care about cookies" https://www.i-dont-care-about-... [i-dont-car...cookies.eu]

    • Why is that not a popular opinion?

      I am almost 100% sure **everybody** here doesn't want the pop-up either.

      If only there was a protocol [kde.org] which could be used to tell websites one doesn't want to be tracked and, thus, there is no need for any pop-up...

      If only...

    • can we please get rid of the damn cookie popups? Or have a global way to accept them? I seriously don't give a damn, and they are just a nuisance.

      Those popups were MADE TO BE A NUISANCE, designed to make more people hate GDPR and hence gain political pressure to neuter it.

      You should be angry at the website operators for these popups.

    • by Anonymous Coward

      Global accept OR deny. Cookie popups are a plague on humanity.

      Better yet, don't even answer. Even clicking "Deny all" indicates you read and accepted their cookie terms and conditions. Don't give them that power. Just hide all the cookie banners and consent form bullshit and proceed with your browsing.

      Fortunately you can bypass almost all of them with a bit of simple css rules and the stylus extension. It helps that more and more websites lazily use cookie cutter crap. Block any elements with "

    • can we please get rid of the damn cookie popups? Or have a global way to accept them?

      They are working on it, albeit at the usual speed of EU politics. There was a draft leaked a few years ago which among other things would have repealed Directive 2002/58/EC, and while the replacement directive still required cookie popups it basically said you only need to show it if the browser hasn't set a Do Not Track flag.

    • by MS ( 18681 )

      Yes, that's simple. I'm in the EU and I do webdesign and -programming for a living. My websites need no cookie-warning or consent-popup. I simply host all data on my server and do not link resources (jQuery, Fonts or whatever) from servers outside the EU. I also do not track users. I only use session-cookies to hold shopcart-contents, user-settings or the likes. No consent is needed for that under the GDPR. Even Google Analytics can be used, if the IP-masking function is used and data will not be crossed wi

    • by AmiMoJo ( 196126 ) on Tuesday February 21, 2023 @06:00PM (#63312621) Homepage Journal

      Complain. Those pop ups are mostly illegal.

      Read Recital 32 of GDPR. It says that agreement can't be coerced. A big banner that makes it easier to agree than to reject all is clearly coercing the user.

      None Of Your Business (NOYB) has been working on this for a while. You can complain and escalate to your local data protection authority if they refuse to fix it.

    • Of course. Most of them are illegal anyway. It is "malicious compliance" with the ePrivacy Directive (not the GDPR). The ePrivacy directive is about tracking, and it does not even seem to contain the word "cookie". The privacy violators obviously do not like that law and called it a cookie law, implementing cookie-walls that are meant to piss you off, with all dark patterns that make it almost or sometimes really impossible to deny tracking. These dark patterns are already illegal, but going to court is so
    • Here: https://www.i-dont-care-about-... [i-dont-car...cookies.eu]
      However, I suggest also using https://github.com/Cookie-Auto... [github.com]

    • There was a flag you could set in your browser to automatically block (not accept) tracking cookies, called Do Not Track ( https://en.wikipedia.org/wiki/... [wikipedia.org] )

      Unfortunately websites didn't honor it and it was ultimately abandoned as being another attempt at creating the "Evil Bit".

      However we CAN automatically remove a large number of cookie popups, using browser addons.

      The most popular is consent-o-matic, which detects popups with heuristics. This can be configured to allow tracking cookies if you want, but

  • by jenningsthecat ( 1525947 ) on Tuesday February 21, 2023 @01:21PM (#63311893)

    The Irish data authority in recent months imposed some major multimillion-euro fines to sanction GDPR infringements from Meta, the parent company of Instagram and Facebook.

    When they start routinely levying fines in the multi-hundred-million-euro range they may possibly get the attention of the tech giants. Until then, it's just a pocket-change cost of doing business that's probably dwarfed by what these companies are already spending to purchase legislation in various other areas of the world.

    • [I]t's just a pocket-change cost of doing business[...]

      This is intentional. The Irish regulators do not want to dissuade the mega-corporations from headquartering in Ireland, as that would reduce the amount of tax money that Ireland earns, as well as reducing employment in Ireland.

      Whosoever regulates lightest gets to host.

    • Fines from the EU are to drive change. Fines are never given in isolation, it is always a fine + a notice that they need to correct the behaviour which led to it. If the behaviour isn't corrected the fines increase heavily for non-compliance.

      They *have* the attention of the tech giants, giants who very much make changes at the whim of the EU regulator or sometimes produce special products for the EU only. Precisely because they are afraid of a second fine, the first is just a warning shot.

    • by AmiMoJo ( 196126 )

      The way these fines work is to increase if they don't change their ways. The goal is more to do with enforcement than punishment.

      • The way these fines work is to increase if they don't change their ways. The goal is more to do with enforcement than punishment.

        Thanks to both you and thegarbz for providing information I wasn't aware of - it appears I shot from the lip without realizing it.

    • by Tom ( 822 )

      They do. I mean, issue fines in two and three digit million Euro ranges. /. has regular postings about it. This is one of the things the GDPR does right - the fines depend on your global, corporate revenue - it cuts right through the trickery of setting up tiny subsidiaries.

  • GDPR: endless clicking on enable cookies and that is all.
  • Annoying (Score:5, Interesting)

    by nicubunu ( 242346 ) on Tuesday February 21, 2023 @02:08PM (#63312065) Homepage

    For me, GDPR meant that for every single site I visit, I can't access the content because I am served a big pop-up with options. If I have to disable the cookies, often I have to navigate a labyrinth of submenus and uncheck a lot of boxes (on desktop, with a small phone screen is even much harder). Most people I know just hit "accept all" to make it disappear fast, making the entire thing useless.

    • No it doesn't. GDPR is not the EU directive which led to the cookie popup. That one predates the GDPR by quite a lot.

    • by MS ( 18681 )

      The GDPR does not require nag-screens. Session-cookies, that do not track, are perfectly legal and do not require any prior consent - not even a mention somewhere on the page. The GDPR even requires that the content of the websites must be accessible without the visitor being tracked. And also the button to DENY tracking or cookies HAS to be of the same size and visibility as the ACCEPT-button. The DENY has to be the default, so unchecking a lot of boxes to inhibit being tracked is illegal under the GDPR. M

    • by Tom ( 822 )

      Most sites by now understood that people actually DO opt out, and that people who want to opt out will leave the site if you make it too complicated. At least most of the sites that I visit give 2-3 easily chosen options, aside from "accept all" there's usually "accept necessary" and often "reject all".

      If you have specific sites in mind - complain to them and ask them to make it easier to opt out of at least the not-functionally-required ad networks and trackers.

    • What's this "Accept" nonsense? They just set all the cookies from the get-go and give you a nice shiny button that says, "GOT IT!"

      God, I absolutely hate "GOT IT!" as an option. As if such an informal phrase makes the exploitation more acceptable.

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Tuesday February 21, 2023 @02:10PM (#63312077) Homepage

    that things like the use of Google analytics need user consent. Many web sites use this, very few ask the user or tell them what is going on. No: GA is NOT "strictly necessary" for a web site to work; the owner might like it but that is not strictly necessary. Once this is clear then some high profile prosecutions would be in order.

  • Let's just add more legislation on top of the broken legislation, on top of older broken legislation, ad nauseam.

    They never get rid of the old broken legislation no matter how much it's warranted. Just pile on more bullshit that sounds good but helps nobody and make it more difficult to navigate. That's the EU way.
    • by MS ( 18681 )

      You are misinformed. The GDPR has effectively replaced the old privacy laws in all EU countries. Yes, it is even uniform throughout the EU.

      • You are misinformed. The EU itself replaced or overrode much of the laws in individual countries. That is not the same as deleting old broken laws or replacing them based on their lack of merit, it's just saying "use this set of broken laws instead". The EU has many more broken laws than they replaced to deal with.

        Can you point me to the last time they actually removed a law in the EU entirely? Any law?
        • by MS ( 18681 )

          You wrote that the GDPR was "added on top" of broken legislation - which is not true. And now you are confirming that the EU "replaced" older privacy laws. The older laws (which differed from country to country) are not valid any more. Nothing else did I say.

          The "Data Protection Act" from 1998 in the UK was replaced in May 2018 by the General Data Protection Regulations (GDPR).
          Same in Italy, where this new law replaces the "legge sulla privacy 675" from 1996 (yes, Italy was a precursor in privacy-laws) an

          • Saying "Yes, we'll go with the laws of the EU now" doesn't mean the laws that existed prior were repealed. They were just overridden.

            If another EU member country were to leave like Brexit in the UK, their prior laws would go back into effect. They were not replaced, just superseded.

            So has the EU itself ever removed one of the terrible laws they came up with, or did they just modify and build on top of it adding to the mess?
            • by MS ( 18681 )

              I do not like to repeat myself.
              Those who can read have a clear advantage. ;-)

  • by Tom ( 822 ) on Wednesday February 22, 2023 @01:13AM (#63313577) Homepage Journal

    Especially compared to most recent legislation, the GDPR is actually a pretty solid piece of work. Imperfect? Certainly. But all in all, it ticks off most of the boxes, had the intended effect, and has enough bite that even the multinationals are taking it seriously.

    A couple initial confusions were cleared up by the courts, and now it's become a standard across Europe that small and big companies alike follow. Does it have some silly consequences, like the cookie banners? Sure, but that's mostly because of all the ad networks and external trackers everyone wants to run.

    It's good that they work to improve it. But "dysfunctional" isn't a fair description. There's a lot of other laws that fit that wording more.
